Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
From Help Desk to Detection Engineering, and Finding Your Path in Cyber
132 Plays6 days ago
New episode drop! This week Chloe Burton joins us to talk about her journey from IT Help Desk to Head of Detection Engineering.
George K and George A talk to Chloe about:
- How she used a foray into Splunk to learn and launch her career
- Why "more alerts" doesn't equal better security
- Her views on consulting as a career accelerator in cyber
- How she looks for and mentors new talent
If you're tired of the "more alerts = more security" mindset or wondering how to break into cybersecurity from a non-traditional background, this episode is for you.
———
🇨🇦 We’ll be setting the stage on fire with the opening keynote at SecureWorld Toronto on April 8th. And…we’ll be closing out the show with our signature event, the Cyber Pitch Battle Royale!
Use our exclusive discount codes to save on registration for SecureWorld Toronto:
- BKBTSWC1 $50 off - BKBT Conference Pass
- BKBTSWO1 $50 off - BKBT Open Session Pass
- BKBTSWP1 $75 off - BKBT Plus Pass
Register to attend the Cyber Pitch Battle Royale here: https://lu.ma/of952b1f
————
👊⚡️BECOME A SHOW SUPPORTER
https://ko-fi.com/bareknucklesbrasstacks
For as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!
Your contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.
We appreciate you!
Recommended
Transcript
Transitioning into Tech Careers
00:00:00
Speaker
Not every day is the same, so I would say you know if you're switching a second-third career, know that what you're coming into is going to be something completely different than you've ever done. um you know What we do in our day jobs is just always transforming and changing. um You get an opportunity to hang out with a lot of smart people. I think in my entire career,
00:00:22
Speaker
i've met so many amazing folks um And so that is something you can look forward to, and that's without a doubt going to be provided no matter where you get into this space at.
Introduction to the Podcast 'Bare Knuckles and Brass Tax'
00:00:38
Speaker
Yo, yo, yo, it's the show. This is Bare Knuckles and Brass Tax, the cybersecurity podcast that is concerned with the human side of the industry, trust, respect, everything in between. I am George Kay with the vendor side. And I'm George A, a chief information security officer.
Guest Introduction: Chloe Burton
00:00:53
Speaker
And today our guest is Chloe Burton, head of detection engineering at DeepWatch. I've known Chloe for a few years now, back when she was with Accenture. And yeah, we get into her journey, which is unconventional. Again, I don't think we've ever talked to somebody who has a conventional It's not really our jam, but yeah. Does that don't even exist? Yeah. Anyway, it's great.
Chloe's Career Path in Cybersecurity
00:01:17
Speaker
We talked about ah detection engineering, how she basically built a career out of Splunk and then we get into talent development and what she looks for when she's hiring.
00:01:27
Speaker
Yeah, this is a, she's an example of a very intelligent person who is clearly quite adaptable. Um, and she's one of the rare few people that have served in big consulting and not been full of hatred and disdain and general exhaustion to the point of even recommending. She survived with her soul intact. Oh, and she's like recommending people to go into it. She's given inside tips. She's telling people how to interview. She's telling people all to get hired. That's a lot of value in this episode. So give her a listen.
00:01:57
Speaker
Chloe Burton, welcome to the show. Hi, how you doing? Happy to be here. Yes, ah we were trying to make this happen later in the year, but we had some snafus this week with weather on the East Coast. We lost internet with another guest and very grateful that you were able to jump on on short notice, but this is going to be an awesome conversation. You are a practitioner and have been, but you're also on the vendor side, which by bare knuckles and brass tacks rules means the CISO gets first crack. So I will turn it over to George A.
00:02:28
Speaker
Very cool. Hi,
From Psychology to Cybersecurity
00:02:30
Speaker
Chloe. Thanks for joining us. ah Yeah, that that actually threw me off guard, too, because like we do um obviously like guest research for everyone who comes on. So I was looking at you. I was like, oh, but you're a practitioner. or You're technical. This is cool. This is totally George's thing. I can take the night off. And he's like, oh, yeah, no, she's sales side. And I ah. I will sell you anything, I promise. Oh, consultants. No, I started my career off in that world now. I totally get it. um But I would like to know, since you have a very unique background, describing your process, please, of how you worked your way in. Because let me tell you, like I have a psych degree as well, but mine was part of a double arts bachelor's, actually, ah like psych and politics.
00:03:13
Speaker
So it was all about behavioral science and performance management, like military college. So how did you go from the world of lab work and applied psych, because you have a science degree in psychology, into security and risk management, right?
Career Transitions and Shared Experiences
00:03:30
Speaker
Yeah, um so happenstance, I did not think I would be here, so it's a perfect harmony, I would all end it up, but um I started out help desk, so that track, we um from that help desk job, that company went out of business, and so another company purchased them, it just happened to Booz Allen Hamilton, which kind of set it off for me, right? um So getting into Booz, then going to Deloitte,
00:03:56
Speaker
um I will say 2015 is when I think I've truly started my journey because that was like consulting and it's prime for me and then moving to Accenture. And then when I got into Accenture in 2018, that's when I started doing security. um So I think in those first few years, I didn't really realize you know what was going on in the security world. I was just doing Splunk and I was doing tech, but 2018 was really that kickoff. And so I just run from there. I mentioned s Splunk.
00:04:24
Speaker
I tell people that's all I know. Spunk has taught me everything from security to Linux administration to the cloud. So I definitely leverage a platform to help me navigate through this industry.
00:04:37
Speaker
i I find that incredible for two things. One, your career timeline and my career timeline are like almost mirrored like because I got in in 2016. Two, um I just rip Splunk out and I don't want to do ah SQL query for pulling on alerts every day of my life. I don't know how you do it. God bless you. You're amazing. Georgia, go.
00:05:02
Speaker
What a segue. It is is an incredible segue. But actually, yeah, Chloe, you and I met, I think, when you were at Accenture, but yeah, ah Deloitte, all of that, man, talk about beltway bandits putting your time in. um But yeah, George raises a good point on the SQL query
Detection Engineering and Career Evolution
00:05:21
Speaker
stuff. I wanted to talk about detection engineering a bit more broadly. um You're now running that over a deep watch.
00:05:30
Speaker
but I wanted to bring it up because it's it's not quite in the zeitgeist, but it's definitely a... something has entered the cybersecurity parlance in the last few years. And um so you went from the consulting and then you went into the vendor side. And so part of your journey, this idea that you kind of learned everything through Splunk, which is quite brilliant. Actually, we'll get back to that. What were you seeing in practice that made you want to work on this particular problem?
00:06:05
Speaker
So
00:06:08
Speaker
ah be honest, I didn't. and like So back in the day, use case development is what I thought section engineering was, which I think essentially is. um I prefer data onboarding, and that was like my sweet spot. But as I've continued to go through the process so okay data onboarding is great but yes there' security relevance to it, but getting more deeper into that. And then I started to do more like minor mappings. And then obviously that bodes well for detections. And so then I was like, okay, I might not truly enjoy sitting down and creating detections and making all the logic.
00:06:45
Speaker
But I do like the fact that I can get hands on a keyboard, I can get in there, I can be dirty and have fun. um And then from that data, what I'm creating with these detections, like great visuals. So I kind of made myself like what maybe I didn't like with things that I did like around it.
00:07:01
Speaker
um And so yeah, and then when I think about that too, the process around it, the governance around it was also a space I started to get into. So like ah just that wrapper of what I actually like to do, doing it around what might not be so fun, but um I will say today, I have an amazing team. So they do a lot of those things, but still being able to get on the console and understand the logic and work through it and help our customers understand the benefits of what we do. um That's been probably the best part of my job to this point.
00:07:32
Speaker
Nice. Good answer. That was pretty solid. I mean, I i kind of... I always look at it as well because because use case acquisition is like kind of like the thing with Splunk because like you have to spend so much time if you're working Splunk within custom use cases. You can't get stuff out of the boxes easily. I find it takes up like the majority of time for a security operations. So I imagine as a consultant, you probably put in a ton of effort actually helping guide your clients along the path of building more accurate use cases with reduced false positives, right?
00:08:03
Speaker
Yeah, most definitely. And and you're right, eating that story that you're saying right there, and that's the story we're trying to tell. And sometimes it can be difficult, right? Because there is going to be that lack of technical capability from your customer. That's obviously why you're there as the expert. um But again, being able to translate that. So taking that logic out and putting that into real life, putting that into business life is the joy that you kind of get from that.
Challenges in Consulting Roles
00:08:27
Speaker
So I'm wondering then, so because you've always served in in consulting roles as far as I've seen, and please correct me if I'm wrong, but you haven't done anything directly yet on the client side from a SecOps perspective. Do you ever experience any difficulty winning over your clients for your advice when it comes to improvements in their security operations, incident response, or threat mitigation capabilities? Yeah. um I'll say I'm pretty persuasive, but yeah, there's definitely those times that, um, you know, it's, it's, you kind of find that battle. And I can say being insulted, right? So, um, you know, if you don't know, but if I'm sure you all do projects is how we work, right? So we do get that exposure to all different customers. So a lot of different opportunities to kind of test out, you know, gears that you have, work through those lessons learned from when it didn't work well before. And obviously, again, across all different industries. So that's the really great benefit of being consulting. I can go financial, I can go retail, I can go communications. And so being able to navigate through all that just gives you more experience as you continue the conversations with the customers. And you've got the goldmine before I hand it off to George. like And I remember from consulting, this was like the thing.
00:09:36
Speaker
The guys and the girls that had been there long enough had like the biggest book of knowledge and like in their systems of like all these different client experiences. So they had referral documents that they could just template. So they got more and more efficient the more longer they stayed because they had the previous history of documentation. And you feeling the same thing? Yeah, for sure. i um I was known for my PowerPoint slides. And I definitely had a nice role in this. Spoken like a true consultant.
00:10:04
Speaker
Yeah, i'm I'm showing myself a little bit here, but yeah, that's that's so real. um And you know repurposing, and that's a thing. yeah And again, it's you know repurposing, but also you're bringing along the experience that comes behind that need and just being able again to navigate through that.
00:10:21
Speaker
Yeah, he was he was on consulting side. I was on a big global marketing agency and both of those jobs are ones that we would never go back to, but we sort of look back and think like, what a trial by fire. And we probably wouldn't trade that experience because it allowed us to.
Industry Challenges and Security Alerts
00:10:38
Speaker
ah Really accelerate skills development because you're just thrown at so many different kinds of situations and you have to in in one day you might meet with three different clients and you just got to pivot both mentally and energetically and all the stuff so um Yeah, so this is the bare knuckles portion of the show writes the airing of grievances. So I have ah my first question here is I Guess continuing on this thread of you know the evolution of Splunk usage and trying to find these use cases and now detection engineering. What grievance do you have, if any, with like where the industry is today?
00:11:20
Speaker
in terms of getting the value out of this tooling. Has it been, for example, maybe we've over-indexed on the technology and just assumed it could do things that it couldn't do, or that we didn't set the expectation that you needed a lot of fine tuning? Is it an over-reliance on the tech versus the process, like thinking through the use cases, thinking through the problems? You've worked with a number of clients, so interested to see like, have you seen any patterns or commonalities in like, I think they're all sort of missing the forest for the trees because of this thing. Yeah, I do. And hopefully this aligns with kind of you know what you're asking here. But one of my biggest things has been more alerts, more detections, more security. And I'm like, that's not quite it. I think, yes, coverage is great. Coverage is what we're trying to achieve.
00:12:14
Speaker
But that doesn't always mean the more alerts you have, you're you're better off. eight um Because you could have 100 alerts that are high fidelity, so you just have 100 alerts that aren't hitting the mark.
00:12:28
Speaker
And then it's also, again, industry you're in, like one of the adversaries trying to get within your space because skin financial is not retail, retail is not communications. There's some different things and there are some standard you know baseline you know stuff across the board and every industry, but um you have to ensure that you you tailor a bit. So again, don't stress it enough.
00:12:49
Speaker
Not more alerts doesn't mean more security. I think you really need to understand what you're getting in and what you're protecting and how you can know craft that and to ensure that your adversaries are going to be stopped sooner rather than later as I try to get into your networks and environments. Alert fatigue is a thing. Yeah, I mean, it's it's one thing that's coming. I mean, alert fatigue, I expect that from this guy. but It's one thing to hear that from a vendor, right? Because most of the marketing out there is like greater visibility into whatever the hell. And it's like, dude, I don't need more visibility. I need more action. I need more remediation. I need more, you know, ah tying it off and closing it out. So ah it's interesting.
00:13:34
Speaker
Um, I, so the second part here is, uh, you came in through
Talent Development in Tech
00:13:39
Speaker
the help desk. You, uh, sort of, I think we all stumble into security. I feel like there's so few of us who are like, yeah, that's I want to do. Um, so can you talk a little bit about the talent development that you've seen over the course of your career? I, I'm just really intrigued by this idea that you.
00:13:59
Speaker
Some people might see one tool like Splunk, like a limitation, but it felt like you took that as an opportunity to, you know, twist and turn and like within that process learn more. And, and that's interesting to us because we've talked with a lot of people and and the ones that are successful seem to do what you did, which is collect experiences as our recent guest Stacey Loki Day said.
00:14:21
Speaker
So, um yeah, just want to give you some space to talk about what you're seeing in the in the talent development pipeline today. Again, in terms of what's working, what's not. Yeah, for sure. And in terms of like other folks or or myself, like the community, yeah the talent, on the community. Yeah. yeah um Man, 2025. So 10 years ago, just insane.
00:14:46
Speaker
What I see today is obviously there's been a really big influx of folks wanting to get into tech and then the under underbelly of it being cyber at times. they um And so I do see a lot of folks going out and grabbing those certs. I think those are some things that are kind of easy grabs for folks to to get involved in and hopefully they get some hands-on experience.
00:15:07
Speaker
um you know i I do think it's a little bit more difficult to take the path that I took now, just because 10 years ago, Splunk wasn't what it is today. They were still trying to figure out, I think, I don't even know if ES was out when I started learning it. So it wasn't even security focused. And so lashing onto a tour platform, it's still possible. I just think this one is really saturated in the market. Most folks are just in it and you get it. So a lot of those certs,
00:15:36
Speaker
um some of those boot camps which you know i think is great i do really appreciate the passion you know I'll say the the younger the younger crowd that's coming in coming out of college and and being really excited um I think about my brother he's he's in school right now and he's a comp sci major right never would have thought about it but folks are actually thinking I want this when I grow up so to your point earlier I know it says that but i I do think I see more of that happening um the the hustle the grind the ambition and the passion like, folks are on it. um Again, I can't imagine being, you know, younger and reaching out to someone on LinkedIn or any kind of platform and trying to network and just digging and understand. um So that is something I'm really energized by. And it also keeps my mitos, right? Because I know that folks that are coming up that, you know,
00:16:25
Speaker
I have to continue to work to to keep up and make sure that I'm in the know. meaning obviously you know I'll say the buzzword for the first time here, AI, right and what that's doing in our space. you know So that's definitely a field that folks are able to get in and use that in security and the security space as well. So um a lot of things that you know I wasn't afforded 10 years ago that are available now and just um the networking around that and the folks in the space.
00:16:51
Speaker
you know It's interesting you say that because um you know we just in Canada, we had the CSO Forum conference and it's a great event and a lot of security leaders and stuff and there's a lot of students and volunteers and stuff and they're kind of opening up doors with more juniors.
Mentoring in Security
00:17:04
Speaker
um I find it interesting and it's just an add-on to George's question before we go to the next section of the show. um You are now getting into the management ranks, right? So you're seeing different conversations In and the conversation that I've had, and and I'm very much a pro-mentoring person, I think I mentor at least like a dozen people, um just like George, try to help my friends get jobs, try to help my mentees get jobs. um I am finding because of the oversaturation of students trying to get in,
00:17:37
Speaker
as Security leaders the conversations among us in our ranks that are kind of hush-hush cuz you don't want have a bad look but We're getting a little bit tired of all these students constantly coming up to us Right? And so, because we only have so much capacity. There's only so much time in a day. We have our actual jobs. And and I know from my experience, and again, I love the the youth that are getting into it. I love their energy. If I go in an event that's meant for security practitioners and leaders, and I want to network with my peers, but then, you know, students are constantly asking for your time, asking for your attention.
00:18:16
Speaker
how then you know it's going to start getting a pushback from security leadership. So how then would you recommend you know for folks trying to build those networks to do so in a way that doesn't potentially offend or or or like bother the person that they're trying to connect with, right?
00:18:34
Speaker
Yeah, not I get that. And I have to admit that i I got caught up in that a bit because I'm always trying to help everyone. And I had to at a point just say, I i can't. To you, I don't have the capacity. So it's so i I will say, folks, be creative. you know And I appreciate that. Some random tagline, your message, catch my attention. um you know I like the occasional hype up, of course. you know Make me feel good.
00:19:01
Speaker
um But I do think when folks approach me, um one thing that I do know is is if you're coming to me, like, great, bring your resume. Awesome. But like, you're coming with a purpose. You're coming with, you know, like, I don't know, there's some kind of like,
00:19:16
Speaker
Instinctual drive to you. yeah like i dont it's like You know what I'm saying? like i can just I feel that. and um you know I'm always going to offer my my time. and i'm I'm working through that. I've got to be better. But offering my time and the least that you could do is to respect that. So if you know we do set up a call, we do set out a talk, like just just come correct. um And then again,
00:19:39
Speaker
I'm always going to say at the end, we're best friends now. And so whatever you need and some folks will, you know, they'll follow up in some wall, but I think the folks that do follow up and they keep on me, that's something for me that signifies, okay, you're serious about this. So you showed up with the purpose and intention. Skin in the game. so Exactly. So, um, you know, I, those are the kinds of things I look for. And again, I'm, I'm doing my best to get to as many folks as I can and touch as many folks out there, but, um, come with the purpose and intention and it'll definitely show.
00:20:16
Speaker
Hey listeners, if you dig the snark, the stories, and the big swings we take, we'd appreciate your support. You can now become an official supporter of the show. You can send us a one-time gift or sign up as a member to provide ongoing support. Memberships start for as little as $1 per month. Just follow the link in the show notes. Each membership tier comes with a unique set of benefits, including exclusive discounts to the BKBT swag shop and even advisory services for your team. So really, for less than you'd pay for one cup of coffee per month, you can support the show. It covers our hosting fees, helps us make cool swag, and it lets us know that what we're doing is valuable to you. Many thanks to listener Dina Mathers for her recent contribution. We'd love to have yours too. Now, back to the show.
00:21:07
Speaker
um Now, Take the context of this question, not for folks who are are student level, but more for folks who would be second, third career.
Inspiring Career-Changers in Security
00:21:18
Speaker
How would you go about inspiring people to take the plunge into security technology today, especially if they're folks who are potentially on their second or third career and they may not necessarily have any kind of STEM background? Yeah.
00:21:34
Speaker
exciting um It's It's exciting. It's stressful, but not every day is the same. So I would say you know if you're switching a secondary career, know that what you're coming into is going to be something completely different than you've ever done. um you know What we do in our day jobs is just always transforming and changing. um You get opportunity to hang out with a lot of smart people. I think in my entire career,
00:22:01
Speaker
i've met so many amazing folks Um, and so that is something you can look forward to. And that's without a doubt going to be provided no matter where you get into this space at, um, you know, and I, I don't know about other industries, so I might not be able to say the same, but I just know that is true here. Um, and you get really close with folks. I think we may be trauma bond a bit, you know, and with insecurity. So you just, you get like, you have best friends in the space and I.
00:22:29
Speaker
I can say for each role that I've had within tech and security, I have some good good friends that we've we've been through the trenches together. So that's a big bonus. Yeah. So let's talk a little bit about the entry level talent, right?
Opportunities for Entry-Level Talent
00:22:46
Speaker
So I think all three of us essentially revealed that we just stumbled our way in.
00:22:52
Speaker
right Which means there was room to do that. And as you said, Chloe, the the world is not what it was in 2015. um but But...
00:23:04
Speaker
I also think um there's got to be room for that, right? Because as George said, people are interested and people are pivoting. I remember at the event that you and I met at in Arlington, ah she was at the time the head of GRC for AIG, like huge multinational bank.
00:23:23
Speaker
Her friend was a local teacher who had gotten burnt out during COVID and she recruited in her to run their security awareness training program. She was like, you have the perfect skill set. But that is really unique to see that. And I feel like the job descriptions and the recruiting today, just like I want the perfect cog that fits into this part of the machine and there's it's annoying right there's just like one it's um if you're entering how do you you get in that trap like how do you build up the experience that people demand for a role and then you might be also be missing out on a diverse set of skills that
00:24:04
Speaker
You might not otherwise see. So just want to give you some space there about, you know, I know that you're currently hiring. So like, how do you think about that as you are probably inundated? job requests stuff like that Yeah. um I imagine it's it's tough. I know it's tough for books that are really in a career. um Lately, I've seen more like true early or entry career roles pop up, which I think is great. I do think we as a collective are starting to see we need to make space for that.
00:24:40
Speaker
um I can also admit that I've been a culprit, right? Because sometimes you just gotta get the talent you need right then and there. So it is tough at times to have to build folks up. um you know I would love ah but love love love internships, like to do internships with folks, right? um That's something that I was able to do at Accenture, which was great because it does give that space to be able to you know have those folks kind of play and get dirty and feel safe.
00:25:09
Speaker
And then you also understand, okay, they understand now, we're kind of crafting working with them, and you're more comfortable bringing them in. um But yeah, I think we still need to get better. I do my best when I'm, you know, helping with the job postings and what's going to be on there to just to be very clear and transparent with folks. You know, I'm looking for X, Y, and Z. And right now, that's that's just really what I need to do you to move forward with the team. If I have rules that are um that bode well to something that's a bit more the junior experience, I will definitely let you know. I'll continue to support you and obviously look at your resume and stuff, but there aren't just times that you've got to get what you've got to get. um But i I am hopeful. i I do see and I do feel like things are getting better as we we understand we need entry, like cure entry roles for folks to get in. Yeah, so I think that goes perfectly well. I was going to ask you, right?
00:26:02
Speaker
The big consulting route or consulting in general versus direct entry to client side organization versus entry through OEM or product side, right? Because those guys still need security people too. Where do you think is the path with the lowest barrier entry for folks at any age trying to get in? Do we go consulting, client, OEM? Yeah. Oof.
00:26:31
Speaker
I'm biased, but i consulting, it it just it gives you so many experiences. and the When I started consulting, I didn't start in cyber, right? So I think being in that space, you're able to pivot more because you have a whole organization that does so many things. um music So when I did start Deloitte, I was just doing more analytics type of stuff. um But I did know back at it, I was able to work on a project that was security focused. It was documentation for a government agency but it was security focused and i didn't even realize it I just kind of got dropped into it. um So I would say that just again, you have that space to grow, you know, knocking no knock on the other two. I think if you
00:27:16
Speaker
ah just understand too that you're you know you're going to see one side of the coin. um Because you know with the product, it's your product that you care about. You kind of see it from that lens. um As you know the client, you're you're seeing it from that industry. You're seeing it from a position internally. So there's not as much of that you know left and right, up and down. It's just very linear.
00:27:39
Speaker
Yeah. All right.
Interviewing Applicants in Cybersecurity
00:27:41
Speaker
My, my last question to you, Chloe is what is your favorite question to ask applicants? just, you know, what's your journey?
00:27:58
Speaker
i amm I'm actually intrigued from someone like myself that doesn't have a traditional background. I'm always curious to know what books do. um And then one of my round out questions I like to ask is, you know, why here? um you Why do you want to work at this organization? And we're so like with me, you know, like what what what brings you and what kind of drives you? And um but again, I think those two questions, the beginning and the anchor to me are that really that shows me kind of it gives you insight into you as a person because I am a very people-centric person if you can't tell I care a lot so all of what I do when I interview I'm mostly trying to figure out you as a person and then more importantly can you fit with the team that I'm looking to bring you on to?
00:28:47
Speaker
OK, I lied. One last question. So it has commonly come up on the podcast that one of the values that George and I look for the most is curiosity, right? If you it's very hard to train curiosity, but if you see that in a person, you're like, well, that is coachable because you can kind of take that intensity and train it in different places or they're going to have this self initiative to to also train it where they want.
00:29:14
Speaker
How do you look for curiosity? Like what are there places in the interview or things that you can kind of like suss that out? Yeah. Um, one of the questions I'll ask is, um, what kind of projects or home lab do you have or have you worked with? And like I get a pretty wide range of responses, but.
00:29:38
Speaker
And there's there's not a right answer. ah You could say nothing. That's okay. um Or we can go down rabbit holes. And I've been down rabbit holes, and I'm like, hey I have no idea what you're talking about, but this is awesome. Is the fact that you took the initiative to go out and figure all this out, whether that's you know building your own PC or getting in the cloud, or if you don't know detection engineering, getting into that space. So to me, that's probably one of the first points in the interview, well besides when I asked you that it was a journey, but one of the first points that I'm able to say, okay,
00:30:07
Speaker
Where are we going here? look is that are you just like Is this fun? Are you curious? like what What is it about you? and and that's That's my job at this point. I can confirm, by the way, from a CSO perspective, one of the key questions I ask anyone I'm interviewing to hire, show me your CTFs and that they have zero. Goodbye.
00:30:29
Speaker
Yeah. This cat, this cat wants, this cat wants hard skills. He's like, I don't care how much paper and how many letters you got behind your name. You got to do the shit. That's what he wants to see. Have you, have you taken them down? Um, I will leave you with my, my new favorite question to ask people is, um, what is currently open in your browser tabs?
Unconventional Interview Questions
00:30:53
Speaker
yes oh
00:30:57
Speaker
because people people got weird stuff and maybe there's something there that's super interesting. um like you if you got If you got like a a YouTube link open to the latest Champions League highlights and you're like, I'm waiting to watch it later, we have a conversation to have right now. I know something about you that's not on the application. But um yeah, i'll I'll leave you with that. Chloe, thank you again for jumping on with such short notice. Really appreciate this. And it was a blast.
00:31:31
Speaker
If you liked this conversation, share it with friends and subscribe wherever you get your podcasts for a weekly ballistic payload of snark, insights and laughs. New episodes of Bare Knuckles and Brass Tax drop every Monday. If you're already subscribed, thank you for your support and your swagger. Please consider leaving a rating or a review that helps others find the show. We'll catch you next week, but until then, stay real.